Captcha In Web Security

  • 8/2/2019 Captcha In Web Security

    Captcha In Web Security: Secure or Not ?

    Presented By Abhishek Sharma

    (08CE04 )

    What Does a CAPTCHA Look Like?

    CAPTCHA

    Used By Google

    CAPTCHA : The Acronym

    Completely Automated Public Turing Test to Tell Computers and Humans Apart

    CAPTCHA : Literal Meaning

    Completely : Whole

    Automated : Made by Machine

    Public : Universally Known

    Turing Test to Tell : Test Presented by Alan Turing

    Computers and Humans Apart

    Contents

    Introduction

    History

    The Need of CAPTCHA

    Basic Terminologies

    Earlier CAPTCHAs

    How does a CAPTCHA work?

    Types of CAPTCHA

    Implementation of CAPTCHA

    Can CAPTCHA be broken?

    CAPTCHA Guidelines

    Applications

    Benefits of CAPTCHA

    Limitations of CAPTCHA

    Conclusion

    Introduction

    A CAPTCHA is a type of challenge-response test used in computing to determine whether a response is generated by a person or by a computer.

    It is needed because activities such as online commerce transactions, search engine submissions, Web polls, Web registrations, free e-mail service registration and other automated services are subject to abuse by software programs, or bots.

    CAPTCHA : History

    1997: Andrei Broder at AltaVista wanted to prevent bots from automatically submitting sites for indexing.

    He decided to add a test to the submission page.

    He reversed Brother scanner OCR optimization techniques.

    2000: Luis von Ahn, Manuel Blum & John Langford at CMU trademarked CAPTCHA.

    Yahoo partnered with CMU to counter these threats in its Messenger chat service.

    CAPTCHA : The Basic Needs

    In 1999, slashdot.org issued an online poll asking users to pick the best computer science school in the US.

    Students at MIT and Carnegie Mellon University created voting bots to vote for their school multiple times.

    MIT finished with 21156 votes and Carnegie Mellon finished with 21032 votes.

    All other schools finished with less than 1000 votes.

    This proved that online polls could not be trusted unless they ensured that only humans could vote.

    In September 2000, Yahoo! reported that bots were entering their online chat rooms and pointing legitimate users to advertising sites.

    CAPTCHA : The Basic Needs

    Yahoo! turned to CMU to help them solve their problem.

    Luis von Ahn, Manuel Blum, Nicholas Harper, and John Langford developed CAPTCHA.

    They determined that CAPTCHAs should:

    1. Present challenges that are automatically generated and graded.

    2. Be simple enough to be taken quickly and easily by humans.

    3. Accept virtually all human users and reject few.

    4. Reject virtually all machine users.

    5. Resist automatic attacks for many years to come.

    CAPTCHA : Terminologies

    Bots

    Turing Test

    Challenge Response Test

    Spam

    Terminologies : BOTS

    A bot is a software program on the Internet. It is a software agent that interacts with network services intended for people as if it were a real person.

    Types of Bot :-

    1. Voting Bots

    2. Email Account Registration Bots

    3. Email Spam Bots

    Terminologies : Turing Test

    A mathematician, Alan Turing, imagined a game with three players. One is the interrogator, who has to find out which of the others is the machine.

    What is a Turing test?

    It tests a machine's level of intelligence.

    A human judge asks questions to two participants, one of which is a machine; he doesn't know which is which.

    If the judge can't tell which is the machine, the machine passes the test.

    CAPTCHA employs a reverse Turing test: judge = CAPTCHA program, participant = user.

    If the user passes the CAPTCHA, he is human; if the user fails, it is a machine.

    Terminologies :Challenge Response Test & Spam

    What is a Challenge Response Test?

    A challenge-response test is a test involving a set of questions (or "challenges") that the person or other entity has to answer in order to pass the test. If the person or entity provides an adequate response to the challenges, then it is deemed that this person or entity has passed the test.

    What is SPAM?

    Spamming is the act of sending unwanted electronic messages in bulk. In the popular eye, the most common form of spam is that delivered in e-mail as a form of commercial advertising.

    Sending bulk messages in this fashion, to recipients who have not desired them, has come to be known as spamming, and the messages themselves as spam.

    CAPTCHA : Earlier Design

    Gimpy: A puzzle consisting of a display of ten distorted and overlapping words chosen at random from a dictionary of simple words.

    Solving the puzzle requires identifying only three of the ten words and typing them into the box provided. It looks like the figure below.

    CAPTCHA : How Does It Work?

    A CAPTCHA image is generated randomly on the web page from a stored database whose records have two attributes: one is the image and the other is the key associated with that image. When the user has entered the letters in the textbox provided, these letters are matched against the secret key. If the key matches, the user is redirected to the next page; otherwise a new CAPTCHA image is displayed and the same process is repeated.

    CAPTCHA :Different Types of CAPTCHAs

    Text Based CAPTCHA

    Graphic Based CAPTCHA

    Gimpy CAPTCHA

    E-Z Gimpy CAPTCHA

    Audio Based CAPTCHA

    reCAPTCHA and book digitalization

    CAPTCHA :Text Based CAPTCHA

    Simple, normal language questions:

    What is sum of three and thirty-five?

    If today is Saturday, what is day after tomorrow?

    Which of mango, table, water is a fruit?

    Very effective, needs a large question bank.

    Cognitively challenged users find it hard.

    Types of Text Based CAPTCHA:

    Printed CAPTCHA

    H-CAPTCHA

    Text Based CAPTCHA :Printed CAPTCHA

    Printed CAPTCHA is difficult to break.

    Lots of algorithms are available to generate these.

    Humans cannot identify these very easily.

    There are two major types, viz. Baffle Text and Pessimal Print.

    Baffle Text Based CAPTCHA

    Developed by Monica Chew and Henry Baird.

    Uses pronounceable strings of English characters, with masking, that are not present in the English dictionary.

    Pessimal Print Image CAPTCHA

    Developed by Allison Coates, Henry Baird and Richard Fateman.

    Uses a degradation model simulating physical defects caused by printing and scanning of printed text.

    CAPTCHA :Graphic Based CAPTCHA

    BONGO

    1. A visual recognition problem.

    2. Two sets of shapes with a distinguishing characteristic.

    3. Must choose which set the shape belongs to.

    PIX

    A database of labeled images of recognizable objects.

    Randomly chooses an object and displays N pictures of it.

    Must correctly identify the object.

    Pictures are distorted.

    Image-based CAPTCHA.

    http://gs264.sp.cs.cmu.edu/cgi-bin/esp-pix

    CAPTCHA :Gimpy CAPTCHA

    Gimpy CAPTCHA:

    Designed by Yahoo and CMU.

    Picks 10 random words from a dictionary, distorts them and fills the image with noise.

    User has to recognize at least 3 words.

    If the user is correct, he is admitted.

    Below is an example of Gimpy.

    CAPTCHA :E-Z Gimpy CAPTCHA

    EZ-Gimpy CAPTCHA:

    A modified version of Gimpy.

    Yahoo used this version in Messenger.

    Has only 1 random string of characters.

    Not a dictionary word, so not prone to dictionary attack.

    Not a good implementation, already broken by OCRs.

    CAPTCHA : Audio Based CAPTCHA

    Audio CAPTCHAs:

    Consist of a downloadable audio clip.

    User listens and enters the spoken word.

    Helps visually disabled users.

    Below is Google's audio-enabled CAPTCHA.

    Not popular.

    CAPTCHA :reCAPTCHA & Book Digitalization

    Verify digitized books: reCAPTCHA

    Used in Google Books Project.

    Two words are shown; the program knows the first word.

    If the user enters the first word correctly, it assumes that the second, unknown word will also be entered correctly.

    The second word becomes known.
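
The two-word scheme above, as an added example (not code from the presentation or from reCAPTCHA): only the known word decides pass or fail, and answers for the unknown word are recorded only from users who got the known word right. The class name, the image ids and the three-vote agreement threshold are assumptions of this sketch; the slide says only that the second word becomes known.

```python
from collections import Counter, defaultdict

# Assumption: how many matching human answers are required before an
# unknown word is promoted to "known". The slide does not give a number.
VOTES_TO_ACCEPT = 3


class WordPairCaptcha:
    """Grades a (control word, unknown word) pair and learns unknown words."""

    def __init__(self, known, unknown_ids):
        self.known = dict(known)           # image id -> verified transcription
        self.unknown = set(unknown_ids)    # image ids with no trusted transcription
        self.votes = defaultdict(Counter)  # image id -> tally of human answers

    @staticmethod
    def _norm(word):
        return word.strip().lower()

    def grade(self, control_id, control_answer, unknown_id, unknown_answer):
        """Return True if the user passes. Only the control word is graded."""
        if control_id not in self.known or unknown_id not in self.unknown:
            raise ValueError("challenge must pair a known and an unknown image")

        if self._norm(control_answer) != self._norm(self.known[control_id]):
            # Control word wrong: fail, and discard the guess for the unknown
            # word so that failed (likely automated) attempts cannot vote.
            return False

        guess = self._norm(unknown_answer)
        if guess:
            tally = self.votes[unknown_id]
            tally[guess] += 1
            word, count = tally.most_common(1)[0]
            if count >= VOTES_TO_ACCEPT:
                # Enough independent agreement: the second word becomes known
                # and can now serve as a control word itself.
                self.known[unknown_id] = word
                self.unknown.discard(unknown_id)
                del self.votes[unknown_id]
        return True
```

Requiring agreement between several solvers, rather than trusting one answer, keeps a single wrong transcription from becoming a future control word.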

    CAPTCHA :Implementation & Creation

    Creating CAPTCHAs in different ways:

    1. One way to create a CAPTCHA is to pre-determine the images and solutions it will use. This approach requires a database that includes all the CAPTCHA solutions, which can compromise the reliability of the test.

    2. A CAPTCHA can be created from an image and some characters by applying effects to them such as blurring, distortion, etc.

    3. One can make one's own CAPTCHA for a web forum by using a randomize function that generates strings at random.

    4. A CAPTCHA might include a series of shapes and ask the user which shape among several choices would logically come next. The problem with this approach is that not all humans are good with these kinds of problems, and the success rate for a human user can go below 80 percent.

    CAPTCHA :Implementation

    There are two basic implementations of CAPTCHA for a website or web forum.

    1. Embeddable CAPTCHAs: The easiest implementation of a CAPTCHA on a website is to insert a few lines of CAPTCHA code, from an open source CAPTCHA builder, into the website's HTML code; the builder then provides the authentication services remotely. Most such services are free. Popular among them is the service provided by www.captcha.net's reCAPTCHA project.

    2. Custom CAPTCHAs: These are less popular because of the extra work needed to create a secure implementation. They are, however, popular among researchers who verify existing CAPTCHAs and suggest alternative implementations.

    CAPTCHA :Can CAPTCHA be broken ?

    The answer to this question is: YES!

    Given enough effort, absolutely every CAPTCHA algorithm can be broken.

    CAPTCHA :Breaking A CAPTCHA

    A very popular method used for breaking a CAPTCHA is OCR (Optical Character Recognition).

    Most text based CAPTCHAs have been broken by Computer Character Recognition software.

    Other CAPTCHAs were broken by streaming the tests for unsuspecting users to solve.

    Breaking A CAPTCHA :Computer Character Recognition

    A number of research projects have attempted (often with success) to beat visual CAPTCHAs by creating programs that contain the following functionality:

    1. Pre-processing

    2. Segmentation

    3. Classification

    Computer Character Recognition :Step By Step Process

    Pre-processing

    Application of algorithms to remove the effects of distortion, blurring, clutter, background noise, etc.

    Easy problem for computers to solve.

    Segmentation

    Splitting the image into regions which contain a single character.

    Complex and computationally expensive.

    Character Recognition

    OCR software used to identify the characters

    CAPTCHA :Guidelines For CAPTCHA

    Accessibility:

    All users need to have access to the protected site.

    For example, visually-impaired users need audio CAPTCHAs.

    Image Security:

    Images must be secure enough to prevent OCR-based attacks.

    Random and thorough distortion techniques.

    Script Security:

    Programs must be secure as well.

    Passwords passed in encrypted text.

    Destroy sessions after a CAPTCHA is solved.

    Security After Widespread Adoption:

    Large pool of dictionary words or images.

    Phonetic generators and nonsense words.
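
An added example (not from the presentation) of the challenge lifecycle described on the "How Does It Work" and "Implementation & Creation" slides, built to follow the Script Security guideline above: the challenge text comes from a random generator, the answer never leaves the server, and the challenge is destroyed after one attempt. CaptchaStore, the alphabet and the 120-second lifetime are assumptions of this sketch; rendering the distorted image is left out.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: an alphabet without look-alike characters (0/O, 1/I).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
TTL_SECONDS = 120  # assumed lifetime of one challenge


class CaptchaStore:
    """Server-side store: challenge id -> (keyed digest of answer, expiry)."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock
        self._key = secrets.token_bytes(32)  # per-process MAC key

    def _digest(self, challenge_id, text):
        # Bind the answer to its challenge id so digests cannot be swapped.
        msg = (challenge_id + ":" + text.upper()).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, length=6):
        """Create a challenge. Returns (id for the form, text to render)."""
        # secrets uses the OS CSPRNG; random.choice would be predictable.
        text = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        expires = self._clock() + TTL_SECONDS
        self._pending[challenge_id] = (self._digest(challenge_id, text), expires)
        return challenge_id, text

    def verify(self, challenge_id, response):
        """Grade a response. The challenge is destroyed whatever the result."""
        # pop() makes the challenge single-use: a solved id cannot be
        # replayed, and a failed one cannot be guessed at repeatedly.
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False  # unknown, already used, or replayed id
        digest, expires = entry
        if self._clock() > expires:
            return False  # solved too late
        candidate = self._digest(challenge_id, response.strip())
        return hmac.compare_digest(digest, candidate)  # constant-time compare
```

On a failed or expired attempt the caller issues a fresh challenge, which matches the flow on the slide: a new CAPTCHA image is displayed and the process repeats.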

    CAPTCHA :Guidelines For CAPTCHA

    Security from OCR is achieved by randomness:

    Making the letters wiggly:

    Adding noise or lines:

    Using a messy background:

    Crowding or blending letters:

    Segmenting characters:

    Varying font thickness, color:

    CAPTCHA : Applications Of CAPTCHA

    1. Online Polls

    2. Protecting Web Registration

    3. Preventing comment spam

    4. Search engine bots

    5. E-Ticketing

    6. Email spam

    7. Preventing Dictionary Attacks

    8. As a tool to verify digitized books

    9. Improve Artificial Intelligence (AI) technology

    CAPTCHA :Benefits of CAPTCHA

    Using a CAPTCHA significantly narrows the number of potential attackers on your website. CAPTCHA images ensure that not every beginner hacker can attack your web forms.

    You can always change the algorithm used if the previous one is broken. It's highly unlikely that a hacker will spend his entire time trying to break new algorithms as you change them.

    CAPTCHA :Limitations of CAPTCHA

    CAPTCHA is not a 100% solution for all problems such as bots and spam.

    CAPTCHA can be broken:

    1. Using Computer Character Recognition software.

    2. Using cheap human labor to process the test.

    CAPTCHA :Conclusion

    As with all security solutions, risk can only be decreased; there is no such thing as a single security measure that is 100% safe. But the presence of a CAPTCHA is always necessary when you need to enhance the stability and security of any web service or application.

    So a CAPTCHA is a technique that can generate and grade tests that a human can pass very easily, but that are not so easy for any computer or software program.

    ! QUERIES !
